9.3

CVE-2006-4868

Exploit

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version6.0
   MicrosoftWindows 2000 Updatesp4
   MicrosoftWindows 2003 Server
   MicrosoftWindows 2003 Server Editionitanium
   MicrosoftWindows 2003 Server Editionx64
   MicrosoftWindows 2003 Server Updategold
   MicrosoftWindows 2003 Server Updatesp1
   MicrosoftWindows Xp
   MicrosoftWindows Xp Updatesp1
   MicrosoftWindows Xp Updatesp2
MicrosoftOutlook Version2003
   MicrosoftWindows 2000 Updatesp4
   MicrosoftWindows 2003 Server
   MicrosoftWindows 2003 Server Editionitanium
   MicrosoftWindows 2003 Server Editionx64
   MicrosoftWindows 2003 Server Updategold
   MicrosoftWindows 2003 Server Updatesp1
   MicrosoftWindows Xp
   MicrosoftWindows Xp Updatesp1
   MicrosoftWindows Xp Updatesp2
MicrosoftInternet Explorer Version5.0.1 Updatesp4
   MicrosoftWindows 2000 Updatesp4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 63.98% 0.984
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.